From: Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Milan Knížek" <knizek.confy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: mount.cifs multiuser w/o krb5? How?
Date: Mon, 9 Jul 2012 06:26:08 -0400
Message-ID: <20120709062608.3a67445f@tlielax.poochiereds.net>
In-Reply-To: <1341612593.26748.9.camel-77nuZImz6nKt3pJmeLR6bw@public.gmane.org>

On Sat, 07 Jul 2012 00:09:53 +0200
Milan Knížek <knizek.confy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Jeff Layton wrote on Fri 06. 07. 2012 at 14:15 -0400:
>
> Hello Jeff,
>
> > On Wed, 04 Jul 2012 20:52:17 +0200
> > Milan Knížek <knizek.confy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > To move on for multiuser: adding the credentials to the keyring:
> > > [user1@client /]$ cifscreds add server
> > > and typing in the password.
> > >
> > > (Similarly for user2.)
> > >
> > > When I remount the same share with "multiuser" option with the
> > > credentials of user1, the share is accessible only by the root user, the
> > > users user1 and user2 cannot list the mount point (cannot access /mnt:
> > > Permission denied)
> > >
> >
> > Can you clarify exactly what you did above? How, exactly, did you
> > remount the share?
>
> I actually unmounted and mounted again with the extra "multiuser"
> option.
>

Ok, good...

> > > Adding cifscreds has exit code 0. Running "cifscreds clearall" results
> > > in "You have no stashed cifs credentials. If you want to add them use:
> > > cifscreds add" and exit code 1. That's weird.
> > >
> >
> > After you do the "cifscreds add", if you then do a "keyctl show" does
> > it show the cifs keys attached to your session keyring?
> >
> > One thing that may be biting you: cifscreds attaches the keys to the
> > session keyring. If you do the "add" in one session and then try to
> > access from another, it won't work since the keys just aren't present.
> > The fact that "clearall" doesn't find any creds leads me to suspect
> > that's what's going on here.
> >
> > The scope of a "session" in keys parlance is unfortunately somewhat
> > poorly defined, but you basically need to do the "cifscreds add" from
> > each login. A graphical login on the console would be a single session
> > however.
>
> Hm, I will need to read more on the keyrings in kernel...
>
> Anyway, here are some details:
> [root@client /]# su - zmrzlinka
> [zmrzlinka@client ~]$ keyctl show
> Session Keyring
> 14048542 --alswrv 1001 -1 keyring: _uid_ses.1001
> 320075663 --alswrv 1001 -1 \_ keyring: _uid.1001
> [zmrzlinka@client ~]$ cifscreds add -u zmrzlinka toillet
> Password: [blabla]
> [zmrzlinka@client ~]$ keyctl show
> Session Keyring
> 14048542 --alswrv 1001 -1 keyring: _uid_ses.1001
> 320075663 --alswrv 1001 -1 \_ keyring: _uid.1001
>
> It does not seem to change anything. Is there a way to add the key
> to the keyring using "keyctl" instead of "cifscreds" (for testing
> purposes)?
>
> Regards,
> Milan

Ok, that at least gives us something to go on. Running this under
strace might give us some sort of clue as to the problem as well.

cifscreds add is more or less equivalent to a command like this:

    $ keyctl add logon cifs:a:ip_address 'username:password' @s

If the server is multi-homed, then cifscreds add will add a key for each
address in the list returned when the hostname is resolved.

--
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
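
A diagnostic sketch for the check discussed in this thread, added here as an example and not part of the original message or of cifs-utils: it reads `keyctl show` output and reports which of a server's addresses have no `cifs:a:<address>` logon key in the listing. The function names, the sample listings and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or from cifs-utils.
# Function names and the sample listings below are constructed for illustration.

# Read `keyctl show` output on stdin; print the address part of every
# "logon" key whose description has the cifs:a:<address> form.
cifs_key_addrs() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "logon:" && $(i + 1) ~ /^cifs:a:/) {
                d = $(i + 1); sub(/^cifs:a:/, "", d); print d
            }
    }'
}

# Read `keyctl show` output on stdin; print each address given as an
# argument that has no matching cifs logon key in that listing.
missing_cifs_keys() {
    have=$(cifs_key_addrs)
    for addr in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# Constructed sample: one key present for a server with two addresses.
SAMPLE_WITH_KEY='Session Keyring
  14048542 --alswrv   1001    -1  keyring: _uid_ses.1001
 320075663 --alswrv   1001    -1   \_ keyring: _uid.1001
 555123456 --alsw-v   1001  1001   \_ logon: cifs:a:192.0.2.10'

# Listing in the shape quoted in the thread: no cifs key at all.
SAMPLE_NO_KEY='Session Keyring
  14048542 --alswrv   1001    -1  keyring: _uid_ses.1001
 320075663 --alswrv   1001    -1   \_ keyring: _uid.1001'

# Demo on the constructed sample: reports the address that still lacks a key.
printf '%s\n' "$SAMPLE_WITH_KEY" | missing_cifs_keys 192.0.2.10 192.0.2.11

# Live use (assumes keyctl and getent are installed; "server" is a placeholder):
#   keyctl show | missing_cifs_keys $(getent ahosts server | awk '{print $1}' | sort -u)
```

Run it from the same login session that will access the mount, since the keys are attached to the session keyring.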